US7904945B2 · Expired · Utility · PatentIndex 62

System and method for providing security for a wireless network

Assignee: MESHNETWORKS INC
Priority: Oct 27, 2004
Filed: Oct 26, 2005
Granted: Mar 8, 2011
Est. expiry: Oct 27, 2024 (expired) · nominal 20-yr term from priority
Inventors: ZHENG HEYUN
CPC: H04L 63/083, H04W 84/22, H04L 63/162, H04W 84/18, H04L 63/08, H04L 63/104, H04W 12/76, H04W 12/03, H04W 12/069, H04W 12/50, H04W 12/068

PatentIndex Score: 62
Cited by: 3
References: 28
Claims: 9

Abstract

A system and method for providing secure communication between nodes (102, 106, 107) in a wireless multihopping communication network (100). The system and method achieve secure communication in a multihopping wireless network (100) by, for example, providing a transport medium for transmission of multihopping authentication messages (400) by the infrastructure devices, such as intelligent access points (106) or wireless routers (107), and user devices, such as mobile nodes (102). The authentication messages (400) are used to verify the identity of a node (102, 107) and thus permit the node (102, 107) to communicate within the network (100). The system and method further use, for example, encryption techniques for protecting the content data packet (1000) traffic being transmitted between the nodes (102, 106, 107) within the wireless network (100).

Claims

exact text as granted — not AI-modified
1. A method for providing secure communication in a wireless multi-hop communication network, the method comprising:
   storing within each of a plurality of nodes operating within the wireless communication network a respective series of group identifications and a respective series of group passwords;
   creating a secure communication path between a source node and a destination node of the plurality of nodes by:
      establishing a security association between the source node and a next hop node by negotiating a group identification including selecting a group identification stored in both the source node and the next hop node, and
      using a group password associated with the group identification as the pair wise master key to protect at least one data packet communication between the source node and the next hop node;
   determining if the next hop node is the destination node; and
   when the next hop node is not the destination node, repeating the creating of a secure communication path between the next hop node and a further next hop node and repeating the determining step; and
   when a secure communication path has been established between each of the nodes between the source and the destination node, securely communicating one or more data packets between the source node and the destination node.

2. A method as claimed in claim 1, further comprising prior to creating the secure communication path:
   authenticating each of the plurality of nodes by:
      transmitting an authentication message over a Layer 2 medium from the node, through each of a plurality of intermediate nodes, to an access point that provides access to a wired network;
      forwarding the authentication message to an authentication server by the access point; and
      determining, based on the authentication message, whether the node is authorized to communicate in the wireless communication network by the authentication server.

3. A method as claimed in claim 2, further comprising:
   when the authentication server determines that the node is authorized to communication in the wireless communication network, informing the node of its authorization.

4. A method as claimed in claim 2, wherein:
   the access point sends the authentication message to the authentication server using a transport medium other than Layer 2.

5. A method as claimed in claim 2, wherein:
   the authentication message comprises a media access control header, an ad-hoc routing header, and an Extensible Authentication Protocol Over Local Area Network (EAPOL) field.

6. A method as claimed in claim 1, wherein:
   each of the plurality of nodes is one of a user device and a wireless router.

7. A method as claimed in claim 1, further comprising:
   including in the data packet a code for identifying the source node as an origin of the data packet.

8. A method as claimed in claim 7, further comprising:
   generating the code based on the media access control address of the source node.

9. A method as claimed in claim 1, further comprising:
   encrypting at least a portion of the data packet before transmitting the data packet from the source node to the next hop node.
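The following Python model is an added illustration of claims 1 and 7 to 9; it is not text from the patent and not MeshNetworks code. It provisions each node with a table of group identifications and group passwords, negotiates a shared group identification hop by hop along a route, uses that group's password as the pairwise master key for the hop, prepends an origin code derived from the source MAC address, and encrypts the packet on every hop. Everything beyond the claims is an assumption of this example: the node and function names (`Node`, `negotiate_group`, `hop_key`, `build_path`, `deliver`), picking the lexicographically smallest common group identification, deriving the per-hop key with HMAC-SHA256 bound to both MAC addresses, truncated SHA-256 as the origin code, and an HMAC counter-mode keystream with an HMAC tag standing in for a real cipher so the example needs only the standard library. The topology and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ORIGIN_LEN = 4   # bytes of origin code prepended to each packet (assumed size)
TAG_LEN = 16
NONCE_LEN = 8


@dataclass
class Node:
    """A mesh node (user device, wireless router or access point) holding its
    provisioned table of group identification -> group password (claim 1)."""
    name: str
    mac: bytes
    groups: Dict[str, bytes]


def negotiate_group(a: Node, b: Node) -> Optional[str]:
    """Select a group identification stored in both nodes. The claims do not
    say how a choice is made; the smallest shared id is this example's assumption."""
    common = set(a.groups) & set(b.groups)
    return min(common) if common else None


def hop_key(pmk: bytes, mac_a: bytes, mac_b: bytes) -> bytes:
    """Derive the per-hop key from the group password used as pairwise master key.
    Binding it to both MAC addresses (order-independent) is an assumption."""
    lo, hi = sorted((mac_a, mac_b))
    return hmac.new(pmk, b"hop-key" + lo + hi, hashlib.sha256).digest()


def origin_code(mac: bytes) -> bytes:
    """Code identifying the source node, generated from its MAC (claims 7-8)."""
    return hashlib.sha256(b"origin" + mac).digest()[:ORIGIN_LEN]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher."""
    blocks, ctr = [], 0
    while sum(len(b) for b in blocks) < n:
        blocks.append(hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"),
                               hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC for one hop (claim 9): nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unseal(key: bytes, wire: bytes) -> bytes:
    """Verify the hop tag before decrypting; reject anything altered in transit."""
    nonce, ct, tag = wire[:NONCE_LEN], wire[NONCE_LEN:-TAG_LEN], wire[-TAG_LEN:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("hop integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def build_path(route: List[Node]) -> List[Tuple[str, bytes]]:
    """Establish one security association per hop until the destination is
    reached (claim 1). Fails if an adjacent pair shares no group identification."""
    assocs = []
    for a, b in zip(route, route[1:]):
        gid = negotiate_group(a, b)
        if gid is None:
            raise ValueError(f"no common group between {a.name} and {b.name}")
        assocs.append((gid, hop_key(a.groups[gid], a.mac, b.mac)))
    return assocs


def deliver(route: List[Node], payload: bytes) -> dict:
    """Carry payload from route[0] to route[-1], re-protecting it on every hop."""
    assocs = build_path(route)
    packet = origin_code(route[0].mac) + payload
    for _gid, key in assocs:
        packet = unseal(key, seal(key, packet))   # sender seals, next hop unseals
    return {
        "groups": [gid for gid, _ in assocs],
        "origin_ok": packet[:ORIGIN_LEN] == origin_code(route[0].mac),
        "payload": packet[ORIGIN_LEN:],
    }


# Constructed sample topology: mobile node -> two wireless routers -> access point.
PW = {"g1": b"group-one-secret", "g2": b"group-two-secret", "g3": b"group-three-secret"}
MN1 = Node("MN1", bytes.fromhex("020000000001"), {"g1": PW["g1"], "g2": PW["g2"]})
WR1 = Node("WR1", bytes.fromhex("020000000002"), {"g2": PW["g2"], "g3": PW["g3"]})
WR2 = Node("WR2", bytes.fromhex("020000000003"), {"g2": PW["g2"], "g3": PW["g3"]})
IAP = Node("IAP", bytes.fromhex("020000000004"), {"g3": PW["g3"]})

if __name__ == "__main__":
    print(deliver([MN1, WR1, WR2, IAP], b"hello"))
```

Running the model shows the route MN1 to IAP negotiating `g2`, `g2` and then `g3` for its three hops, while a direct MN1 to IAP association is refused because the two tables share no group. Since every node holding a group password can derive the same hop key, the protection each hop gives is only as strong as the secrecy of that shared group password, which is why the model keeps the key derivation and the tag check separate and rejects any altered frame before decrypting it.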

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.